If most of your visitors are coming from Google (organic) or social networks, they're probably visiting directly version https.
But what if there are visitors who visit your site directly?
In my case, I usually type "igu", my browser suggests "iguru.gr" and I press enter.
By default, the browser sends the request to "https://iguru.gr" and later redirects it to "https://iguru.gr".
Why is redirection from HTTP to HTTPS slow?
If you have configured https in WordPress settings, then WP will take care of the redirection. This will be done by PHP. However, depending on the hosting provider and the speed of the server, redirection via PHP can be slow. So it is better to disconnect it from PHP.
Let's see what we can do.
Set up Web Server to redirect to HTTPS
Setting up a Web Server like Nginx / Apache / LiteSpeed for redirect will always do it faster than PHP.
Apache / LiteSpeed
If you have Apache or LiteSpeed Web Server, add the following source code to the .htaccess file:
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Nginx
In Nginx, add the following setting:
server {listen 443 ssl; add_header Strict-Transport-Security "max-age = 31536000; includeSubDomains" always; }
Cloudflare
If you use Cloudflare, things are very easy. From the SSL / TLS - Edge Certificates settings, enable the "Always Use HTTPS" option.
Optionally, select the "Automatic HTTPS Rewrites" option.
Or you can also add a meta tag to tell the browser to use HTTPS for all requests within a page.
Policy" content="upgrade-insecure-requests">
Enable HSTS
HSTS or HTTP Strict Transport Security is a response header.
Simply put, it tells the browser “this o website will have HTTPS for so many days, so use HTTPS as default”.
So the next time someone enters "iguru.gr" or "https://iguru.gr", the browser will open directly "https://iguru.gr".
Apache / LiteSpeed
Add the following code to the .htaccess file:
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Nginx
In Nginx, add the following setting:
server {listen 443 ssl; add_header Strict-Transport-Security "max-age = 31536000; includeSubDomains" always; }
Cloudflare
From the SSL / TLS - Edge Certificates settings enable HTTP Strict Transport Security (HSTS)
Enter the following settings:
Verify HSTS
You can check if it works or not by checking the response header:
You can also visit the page https://hstspreload.org/ to check the same.
Submit to the Chrome HSTS list
Even if you have HSTS enabled, o user visiting your site for the first time will have a redirect from HTTP to HTTPS.
However, Chrome maintains a list of HSTS hardcoded sites in the browser (and other browsers use the same list). Therefore, if your site is added to this list, you no longer need to be redirected!
From address https://hstspreload.org/ submit your domain.
and
Then click Submit and wait for it to be added to the Chrome hardcoded list.
Are you ready!